Re: [squid-users] acl and upstream proxy, X-Forwarded-For header

From: Abdul Khader <[email protected]>
Date: Mon, 26 Jan 2004 22:01:02 -0800 (PST)

Hi,
I am sorry.
I got around the patching problem. I have to patch the
squid 2.5 stable2 and not squid 2.5 stable1.
But now the problem is squid is not getting the
ipaddresses of the clients, instead it is putting
127.0.0.1 in the access.log . I am running
dansguardian and have enabled it to forward client ip
addresses.

Please advise.

Regards
Abdul Khader

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> Please use the squid-users mailinglist for Squid
> questions.
>
> Personal support is only provided as part of a Squid
> support agreements.
> Squid support agreements can be purchased from MARA
> Systems AB
> <url:http://www.marasystems.com/> or
> sales@marasystems.com.
>
> Regards
> Henrik
>
>
>
> On Mon, 26 Jan 2004, Abdul Khader wrote:
>
> > Hi,
> > Below are the contents of teh structs.h.rej.
> > I edited the structs.h file and added the the
> > following code
> >
> > + #if FOLLOW_X_FORWARDED_FOR
> > + int acl_uses_indirect_client;
> > + int delay_pool_uses_indirect_client;
> > + int log_uses_indirect_client;
> > + #endif /* FOLLOW_X_FORWARDED_FOR */
> >
> > But when I run bootstrap.sh I get the following
> error
> >
> > ./bootstrap.sh
> > WARNING: Using auxiliary files such as
> `acconfig.h',
> > `config.h.bot'
> > WARNING: and `config.h.top', to define templates
> for
> > `config.h.in'
> > WARNING: is deprecated and discouraged.
> >
> > WARNING: Using the third argument of `AC_DEFINE'
> and
> > WARNING: `AC_DEFINE_UNQUOTED' allows to define a
> > template without
> > WARNING: `acconfig.h':
> >
> > WARNING: AC_DEFINE([NEED_MAIN], 1,
> > WARNING: [Define if a function `main'
> is
> > needed.])
> >
> > WARNING: More sophisticated templates can also be
> > produced, see the
> > WARNING: documentation.
> > configure.in:1399: warning: AC_CHECK_TYPE:
> assuming
> > `u_short' is not a type
> > configure.in:2077: error: do not use LIBOBJS
> directly,
> > use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'
> > If this token and others are legitimate,
> please
> > use m4_pattern_allow.
> > See the Autoconf documentation.
> > autoconf failed
> > Autotool bootstrapping failed. You will need to
> > investigate and correct
> > before you can develop on this source tree
> >
> > I tried to compile the squid without running
> > bootstrap.sh. I gave the following command to
> compile
> > squid.
> >
> > ./configure --enable-delay-pools
> > --enable-cache-digests --enable-poll
> > --disable-ident-lookups --enable-truncate
> > --enable-removal-policies
> > --enable-follow-x-forwarded-for
> >
> > The compilation goes well and I can find the
> following
> > in the squid.conf file
> >
> > acl_uses_indirect_client on
> > delay_pool_uses_indirect_client on
> > log_uses_indirect_client on
> >
> > But when I run the squid, it gives the following
> error
> > 2004/01/26 15:17:45| parseConfigFile: line 1762
> > unrecognized: ' follow_x_forwarded_for allow all'
> > 2004/01/26 15:17:45| parseConfigFile: line 1773
> > unrecognized: ' acl_uses_indirect_client on'
> > 2004/01/26 15:17:45| parseConfigFile: line 1784
> > unrecognized: ' delay_pool_uses_indirect_client
> on'
> > 2004/01/26 15:17:45| parseConfigFile: line 1795
> > unrecognized: ' log_uses_indirect_client on'
> >
> > squid starts working but without the Follow
> > X-Forwarded-For headers support.
> >
> > Please comment.
> >
> > Regards
> > Abdul Khader
> >
> >
> > CONTENTS OF STRUCTS.H.REJ
> > ==========================
> > ***************
> > *** 592,597 ****
> > int vary_ignore_expire;
> > int pipeline_prefetch;
> > int request_entities;
> > } onoff;
> > acl *aclList;
> > struct {
> > --- 592,602 ----
> > int vary_ignore_expire;
> > int pipeline_prefetch;
> > int request_entities;
> > + #if FOLLOW_X_FORWARDED_FOR
> > + int acl_uses_indirect_client;
> > + int delay_pool_uses_indirect_client;
> > + int log_uses_indirect_client;
> > + #endif /* FOLLOW_X_FORWARDED_FOR */
> > } onoff;
> > acl *aclList;
> > struct {
> > ~
> >
> >
> >
> >
> > --- Henrik Nordstrom <hno@squid-cache.org> wrote:
> > > See src/structs.h.rej for what you need to do to
> > > complete the patch.
> > >
> > > Regards
> > > Henrik
> > >
> > > On Sun, 25 Jan 2004, Abdul Khader wrote:
> > >
> > > > Hi,
> > > > When I apply the patch Iget the following
> error.
> > > >
> > > > patch -p0 < ../follow_xff-2.5.patch
> > > > patching file acconfig.h
> > > > patching file bootstrap.sh
> > > > Hunk #1 succeeded at 19 with fuzz 2 (offset
> -40
> > > > lines).
> > > > patching file configure.in
> > > > Hunk #1 succeeded at 1072 (offset -28 lines).
> > > > patching file src/acl.c
> > > > Hunk #1 succeeded at 1965 (offset -36 lines).
> > > > patching file src/cf.data.pre
> > > > Hunk #1 succeeded at 2023 (offset -42 lines).
> > > > patching file src/client_side.c
> > > > Hunk #2 succeeded at 181 (offset -1 lines).
> > > > Hunk #3 succeeded at 497 (offset -2 lines).
> > > > Hunk #4 succeeded at 3156 (offset -72 lines).
> > > > patching file src/delay_pools.c
> > > > patching file src/structs.h
> > > > Hunk #1 FAILED at 592.
> > > > Hunk #2 succeeded at 611 (offset -7 lines).
> > > > Hunk #3 succeeded at 1615 (offset 3 lines).
> > > > Hunk #4 succeeded at 1656 (offset -7 lines).
> > > > Hunk #5 succeeded at 1679 (offset 3 lines).
> > > > 1 out of 5 hunks FAILED -- saving rejects to
> file
> > > > src/structs.h.rej
> > > >
> > > > I am using squid 2.5 stable.
> > > >
> > > > Regards
> > > > Abdul Khader
> > > >
> > > >
> > > > --- Henrik Nordstrom <hno@squid-cache.org>
> wrote:
> > > > > On Sun, 25 Jan 2004, Florian Effenberger
> wrote:
> > > > >
> > > > > > When using ACLs that set access controls
> on an
> > > IP
> > > > > basis - which IP counts?
> > > > > > The one from the querying host (in this
> case
> > > > > another proxy that queries
> > > > > > Squid) or is the X-Forwarded-For header
> used?
> > > > >
> > > > > Squid does not use the X-Forwarded-For
> header,
> > > > > unless you use it in an
> > > > > external acl.
>
=== message truncated ===

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
Received on Mon Jan 26 2004 - 23:01:05 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:09 MST